Commit 11567c4

authored

Merge pull request #169 from python-security/no_more_uimode

Remove --trim option and UImode Enum

2 parents 3fc8046 + 12619b7 commit 11567c4Copy full SHA for 11567c4

File tree

10 files changed

+104

-175

lines changed

README.rst
pyt
- __main__.py
- cfg
  - stmt_visitor.py
- usage.py
- vulnerabilities
tests
- usage_test.py
- vulnerabilities
  - vulnerabilities_across_files_test.py
  - vulnerabilities_test.py

10 files changed

+104

-175

lines changed

`‎README.rst`

Lines changed: 29 additions & 26 deletions

Original file line number	Diff line number	Diff line change
`@@ -86,53 +86,56 @@ Usage`
`86`	`86`	`.. code-block::`
`87`	`87`
`88`	`88`	`usage: python -m pyt [-h] [-a ADAPTOR] [-pr PROJECT_ROOT]`
`89`		`- [-b BASELINE_JSON_FILE] [-j] [-m BLACKBOX_MAPPING_FILE]`
`90`		`- [-t TRIGGER_WORD_FILE] [-o OUTPUT_FILE] [--ignore-nosec]`
`91`		`- [-r] [-x EXCLUDED_PATHS] [-trim] [-i]`
`92`		`- targets [targets ...]`
	`89`	`+ [-b BASELINE_JSON_FILE] [-j] [-t TRIGGER_WORD_FILE]`
	`90`	`+ [-m BLACKBOX_MAPPING_FILE] [-i] [-o OUTPUT_FILE]`
	`91`	`+ [--ignore-nosec] [-r] [-x EXCLUDED_PATHS]`
	`92`	`+ [--dont-prepend-root] [--no-local-imports]`
	`93`	`+ targets [targets ...]`
`93`	`94`
`94`	`95`	`required arguments:`
`95`		`- targets source file(s) or directory(s) to be tested`
	`96`	`+ targets source file(s) or directory(s) to be scanned`
`96`	`97`
`97`	`98`	`important optional arguments:`
`98`	`99`	`-a ADAPTOR, --adaptor ADAPTOR`
`99`		`- Choose a web framework adaptor: Flask(Default),`
`100`		`- Django, Every or Pylons`
`101`		`-`
	`100`	`+ Choose a web framework adaptor: Flask(Default),`
	`101`	`+ Django, Every or Pylons`
	`102`	`+`
`102`	`103`	`-t TRIGGER_WORD_FILE, --trigger-word-file TRIGGER_WORD_FILE`
`103`		`- Input file with a list of sources and sinks`
`104`		`-`
	`104`	`+ Input file with a list of sources and sinks`
	`105`	`+`
`105`	`106`	`-m BLACKBOX_MAPPING_FILE, --blackbox-mapping-file BLACKBOX_MAPPING_FILE`
`106`		`- Input blackbox mapping file`
	`107`	`+ Input blackbox mapping file`
`107`	`108`
`108`	`109`	`optional arguments:`
`109`	`110`	`-pr PROJECT_ROOT, --project-root PROJECT_ROOT`
`110`		`- Add project root, only important when the entry file`
`111`		`- is not at the root of the project`
	`111`	`+ Add project root, only important when the entry file`
	`112`	`+ is not at the root of the project.`
`112`	`113`
`113`	`114`	`-b BASELINE_JSON_FILE, --baseline BASELINE_JSON_FILE`
`114`		`- Path of a baseline report to compare against (only`
`115`		`- JSON-formatted files are accepted)`
	`115`	`+ Path of a baseline report to compare against (only`
	`116`	`+ JSON-formatted files are accepted)`
	`117`	`+`
	`118`	`+ -j, --json Prints JSON instead of report.`
`116`	`119`
`117`		`- -j, --json Prints JSON instead of report`
	`120`	`+ -i, --interactive Will ask you about each blackbox function call in`
	`121`	`+ vulnerability chains.`
`118`	`122`
`119`	`123`	`-o OUTPUT_FILE, --output OUTPUT_FILE`
`120`		`- Write report to filename`
	`124`	`+ Write report to filename`
`121`	`125`
`122`		`- --ignore-nosec Do not skip lines with # nosec comments`
	`126`	`+ --ignore-nosec Do not skip lines with # nosec comments`
`123`	`127`
`124`		`- -r, --recursive Find and process files in subdirectories`
	`128`	`+ -r, --recursive Find and process files in subdirectories`
`125`	`129`
`126`	`130`	`-x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS`
`127`		`- Separate files with commas`
	`131`	`+ Separate files with commas`
`128`	`132`
	`133`	`+ --dont-prepend-root In project root e.g. /app, imports are not prepended`
	`134`	`+ with app.*`
`129`	`135`
`130`		`- print arguments:`
`131`		`- -trim, --trim-reassigned-in`
`132`		`- Trims the reassigned list to just the vulnerability`
`133`		`- chain.`
`134`		`- -i, --interactive Will ask you about each blackbox function call in`
`135`		`- vulnerability chains.`
	`136`	`+ --no-local-imports If set, absolute imports must be relative to the`
	`137`	`+ project root. If not set, modules in the same`
	`138`	`+ directory can be imported just by their names.`
`136`	`139`
`137`	`140`	`Usage from Source`
`138`	`141`	`=================`

`‎pyt/main.py`

Lines changed: 6 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,7 @@`
`19`	`19`	`from .usage import parse_args`
`20`	`20`	`from .vulnerabilities import (`
`21`	`21`	`find_vulnerabilities,`
`22`		`- get_vulnerabilities_not_in_baseline,`
`23`		`- UImode`
	`22`	`+ get_vulnerabilities_not_in_baseline`
`24`	`23`	`)`
`25`	`24`	`from .vulnerabilities.vulnerability_helper import SanitisedVulnerability`
`26`	`25`	`from .web_frameworks import (`
`@@ -65,10 +64,6 @@ def retrieve_nosec_lines(`
`65`	`64`	`def main(command_line_args=sys.argv[1:]): # noqa: C901`
`66`	`65`	`args = parse_args(command_line_args)`
`67`	`66`
`68`		`- ui_mode = UImode.TRIM`
`69`		`- if args.interactive:`
`70`		`- ui_mode = UImode.INTERACTIVE`
`71`		`-`
`72`	`67`	`files = discover_files(`
`73`	`68`	`args.targets,`
`74`	`69`	`args.excluded_paths,`
`@@ -123,9 +118,9 @@ def main(command_line_args=sys.argv[1:]): # noqa: C901`
`123`	`118`	`analyse(cfg_list)`
`124`	`119`	`vulnerabilities = find_vulnerabilities(`
`125`	`120`	`cfg_list,`
`126`		`- ui_mode,`
`127`	`121`	`args.blackbox_mapping_file,`
`128`	`122`	`args.trigger_word_file,`
	`123`	`+ args.interactive,`
`129`	`124`	`nosec_lines`
`130`	`125`	`)`
`131`	`126`
`@@ -140,7 +135,10 @@ def main(command_line_args=sys.argv[1:]): # noqa: C901`
`140`	`135`	`else:`
`141`	`136`	`text.report(vulnerabilities, args.output_file)`
`142`	`137`
`143`		`- has_unsanitized_vulnerabilities = any(not isinstance(v, SanitisedVulnerability) for v in vulnerabilities)`
	`138`	`+ has_unsanitized_vulnerabilities = any(`
	`139`	`+ not isinstance(v, SanitisedVulnerability)`
	`140`	`+ for v in vulnerabilities`
	`141`	`+ )`
`144`	`142`	`if has_unsanitized_vulnerabilities:`
`145`	`143`	`sys.exit(1)`
`146`	`144`

`‎pyt/cfg/stmt_visitor.py`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -665,6 +665,7 @@ def add_blackbox_or_builtin_call(self, node, blackbox): # noqa: C901`
`665`	`665`	`call_node.label = LHS + " = " + RHS`
`666`	`666`
`667`	`667`	`call_node.right_hand_side_variables = rhs_vars`
	`668`	`+ # Used in get_sink_args`
`668`	`669`	`rhs_visitor = RHSVisitor()`
`669`	`670`	`rhs_visitor.visit(node)`
`670`	`671`	`call_node.args = rhs_visitor.result`

`‎pyt/usage.py`

Lines changed: 24 additions & 36 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,8 +20,9 @@`
`20`	`20`	`def _add_required_group(parser):`
`21`	`21`	`required_group = parser.add_argument_group('required arguments')`
`22`	`22`	`required_group.add_argument(`
`23`		`- 'targets', metavar='targets', type=str, nargs='+',`
`24`		`- help='source file(s) or directory(s) to be tested'`
	`23`	`+ 'targets', metavar='targets', nargs='+',`
	`24`	`+ help='source file(s) or directory(s) to be scanned',`
	`25`	`+ type=str`
`25`	`26`	`)`
`26`	`27`
`27`	`28`
`@@ -54,21 +55,27 @@ def _add_optional_group(parser):`
`54`	`55`	`action='store_true',`
`55`	`56`	`default=False`
`56`	`57`	`)`
	`58`	`+ optional_group.add_argument(`
	`59`	`+ '-t', '--trigger-word-file',`
	`60`	`+ help='Input file with a list of sources and sinks',`
	`61`	`+ type=str,`
	`62`	`+ default=default_trigger_word_file`
	`63`	`+ )`
`57`	`64`	`optional_group.add_argument(`
`58`	`65`	`'-m', '--blackbox-mapping-file',`
`59`	`66`	`help='Input blackbox mapping file.',`
`60`	`67`	`type=str,`
`61`	`68`	`default=default_blackbox_mapping_file`
`62`	`69`	`)`
`63`	`70`	`optional_group.add_argument(`
`64`		`- '-t', '--trigger-word-file',`
`65`		`- help='Input file with a list of sources and sinks',`
`66`		`- type=str,`
`67`		`- default=default_trigger_word_file`
	`71`	`+ '-i', '--interactive',`
	`72`	`+ help='Will ask you about each blackbox function call in vulnerability chains.',`
	`73`	`+ action='store_true',`
	`74`	`+ default=False`
`68`	`75`	`)`
`69`	`76`	`optional_group.add_argument(`
`70`	`77`	`'-o', '--output',`
`71`		`- help='write report to filename',`
	`78`	`+ help='Write report to filename',`
`72`	`79`	`dest='output_file',`
`73`	`80`	`action='store',`
`74`	`81`	`type=argparse.FileType('w'),`
`@@ -78,11 +85,13 @@ def _add_optional_group(parser):`
`78`	`85`	`'--ignore-nosec',`
`79`	`86`	`dest='ignore_nosec',`
`80`	`87`	`action='store_true',`
`81`		`- help='do not skip lines with # nosec comments'`
	`88`	`+ help='Do not skip lines with # nosec comments'`
`82`	`89`	`)`
`83`	`90`	`optional_group.add_argument(`
`84`		`- '-r', '--recursive', dest='recursive',`
`85`		`- action='store_true', help='find and process files in subdirectories'`
	`91`	`+ '-r', '--recursive',`
	`92`	`+ dest='recursive',`
	`93`	`+ action='store_true',`
	`94`	`+ help='Find and process files in subdirectories'`
`86`	`95`	`)`
`87`	`96`	`optional_group.add_argument(`
`88`	`97`	`'-x', '--exclude',`
`@@ -108,39 +117,18 @@ def _add_optional_group(parser):`
`108`	`117`	`)`
`109`	`118`
`110`	`119`
`111`		`-def _add_print_group(parser):`
`112`		`- print_group = parser.add_argument_group('print arguments')`
`113`		`- print_group.add_argument(`
`114`		`- '-trim', '--trim-reassigned-in',`
`115`		`- help='Trims the reassigned list to just the vulnerability chain.',`
`116`		`- action='store_true',`
`117`		`- default=True`
`118`		`- )`
`119`		`- print_group.add_argument(`
`120`		`- '-i', '--interactive',`
`121`		`- help='Will ask you about each blackbox function call in vulnerability chains.',`
`122`		`- action='store_true',`
`123`		`- default=False`
`124`		`- )`
`125`		`-`
`126`		`-`
`127`		`-def _check_required_and_mutually_exclusive_args(parser, args):`
`128`		`- if args.targets is None:`
`129`		`- parser.error('The targets argument is required')`
`130`		`-`
`131`		`-`
`132`	`120`	`def parse_args(args):`
`133`	`121`	`if len(args) == 0:`
`134`	`122`	`args.append('-h')`
`135`	`123`	`parser = argparse.ArgumentParser(prog='python -m pyt')`
	`124`	`+`
	`125`	`+ # Hack to in order to list required args above optional`
`136`	`126`	`parser._action_groups.pop()`
	`127`	`+`
`137`	`128`	`_add_required_group(parser)`
`138`	`129`	`_add_optional_group(parser)`
`139`		`- _add_print_group(parser)`
`140`	`130`
`141`	`131`	`args = parser.parse_args(args)`
`142`		`- _check_required_and_mutually_exclusive_args(`
`143`		`- parser,`
`144`		`- args`
`145`		`- )`
	`132`	`+ if args.targets is None:`
	`133`	`+ parser.error('The targets argument is required')`
`146`	`134`	`return args`

`‎pyt/vulnerabilities/init.py`

Lines changed: 2 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,8 @@`
`1`	`1`	`from .vulnerabilities import find_vulnerabilities`
`2`		`-from .vulnerability_helper import (`
`3`		`- get_vulnerabilities_not_in_baseline,`
`4`		`- UImode`
`5`		`-)`
	`2`	`+from .vulnerability_helper import get_vulnerabilities_not_in_baseline`
`6`	`3`
`7`	`4`
`8`	`5`	`__all__ = [`
`9`	`6`	`'find_vulnerabilities',`
`10`		`- 'get_vulnerabilities_not_in_baseline',`
`11`		`- 'UImode'`
	`7`	`+ 'get_vulnerabilities_not_in_baseline'`
`12`	`8`	`]`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 11567c4

File tree

10 files changed

10 files changed

`‎README.rst`

`‎pyt/main.py`

`‎pyt/cfg/stmt_visitor.py`

`‎pyt/usage.py`

`‎pyt/vulnerabilities/init.py`

0 commit comments

File tree

10 files changed

10 files changed

‎README.rst

‎pyt/__main__.py

‎pyt/cfg/stmt_visitor.py

‎pyt/usage.py

‎pyt/vulnerabilities/__init__.py

0 commit comments

`‎README.rst`

`‎pyt/main.py`

`‎pyt/cfg/stmt_visitor.py`

`‎pyt/usage.py`

`‎pyt/vulnerabilities/init.py`